Bug ID 455391: Bad parsing of query string in URL with authentication

Last Modified: Apr 28, 2025

Affected Product(s):
BIG-IP ASM(all modules)

Known Affected Versions:
11.3.0, 11.4.0, 11.4.1, 11.5.0, 11.5.1, 11.5.1 HF1, 11.5.1 HF2, 11.5.1 HF3

Fixed In:
11.6.0, 11.5.1 HF4, 11.4.1 HF6, 11.4.0 HF7, 11.3.0 HF9

Opened: Apr 03, 2014

Severity: 3-Major

Symptoms

ASM bypass techniques discovered during Pentest.

Impact

Causes ASM to misbehave within the query string parser, and fails to detect relevant malicious requests.

Conditions

Request with authentication URL.

Workaround

N/A

Fix Information

We improved how the system parses query strings in absolute URLs.

Behavior Change

Guides & references

K10134038: F5 Bug Tracker Filter Names and Tips